[PATCH] SPNEGO version2
David Woodhouse
dwmw2 at infradead.org
Tue Feb 24 08:13:48 PST 2015
On Tue, 2015-02-24 at 16:26 +0100, Nikos Mavrogiannopoulos wrote:
> > We might want to add an openconnect_set_http_auth() function to
> > parallel the openconnect_set_proxy_auth() one?
>
> No idea. What is the reason for the proxy equivalent? Is it to not
> transparently allow authentication methods that a user doesn't want
> to?
Indeed. In particular there are cases where Negotiate would fail and we
just need to use NTLM instead. And to *enable* Basic auth, which is
disabled by default.
I disabled Basic by default for proxies since the password would be sent
as cleartext. That's not true for general HTTP auth but Basic is
disabled by default there anyway.
I've implemented openconnect_set_http_auth() now.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150224/55f81e33/attachment.bin>
More information about the openconnect-devel
mailing list